Encourage an adversary to conduct part or all of their mission.
Motivation is used to encourage an adversary to conduct part or all of their mission by providing a target-rich environment. To do this, the defender can use unpatched versions of operating systems and software, remove end-point detection software, and use weak passwords. Additionally, the defender can open firewall ports, add proxy capabilities, or introduce elements that an adversary can easily leverage to bypass an obstacle in their operations. Finally, the defender can include enticing data to the environment to encourage the adversary to steal the data.
|Application Diversity||Present the adversary with a variety of installed applications and services.||EAC0006|
|Artifact Diversity||Present the adversary with a variety of network and system artifacts.||EAC0022|
|Detonate Malware||Execute malware under controlled conditions to analyze its functionality.||EAC0013|
|Information Manipulation||Conceal and reveal both facts and fictions to support a deception story||EAC0015|
|Personas||Create fictitious human user(s) through a combination of planted data and revealed behavior patterns.||EAC0012|
|Network Diversity||Use a diverse set of devices on the network to help establish the legitimacy of a decoy network.||EAC0007|